Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u7cwgzBEiPUO1Xnxg5XjSxWe2Jo.roa
File:                     u7cwgzBEiPUO1Xnxg5XjSxWe2Jo.roa (raw, json)
Hash identifier:          5Vbl2hEXK0MbpnYH9OgdfcBtNfEvrNwXn3b068ye9w0=
Subject key identifier:   BB:B7:30:83:30:44:88:F5:0E:D5:79:F1:83:95:E3:4B:15:9E:D8:9A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019CDE8F81675C12A35D6B139ED78656F795
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u7cwgzBEiPUO1Xnxg5XjSxWe2Jo.roa
Signing time:             Wed 11 Mar 2026 20:21:12 +0000
ROA not before:           Wed 11 Mar 2026 20:21:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        31.57.37.0/24 maxlen: 24
                          31.57.185.0/24 maxlen: 24
                          217.60.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 05:56:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:8f:81:67:5c:12:a3:5d:6b:13:9e:d7:86:56:f7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 11 20:21:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbb73083304488f50ed579f18395e34b159ed89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8b:b3:f1:bb:65:bd:6d:6e:2d:a7:ec:81:e1:
                    18:72:62:5f:f4:27:07:7d:fa:3e:52:e8:8e:3b:38:
                    ce:87:eb:9c:4e:03:9a:60:17:62:c6:0b:4e:b2:1f:
                    46:67:ad:54:67:79:0f:81:64:67:c6:c1:28:87:11:
                    f6:0e:78:ac:30:3c:df:c9:e4:57:55:d7:b1:19:ff:
                    e1:82:12:a1:4e:c1:69:1c:2a:17:81:ed:11:4e:6e:
                    7b:0b:8b:e9:3f:3a:b8:56:4d:0a:22:ee:ae:83:21:
                    c7:a5:f3:f0:09:90:4c:a0:9b:37:ef:64:1b:ce:06:
                    8b:51:15:36:4e:57:d4:6a:a1:f1:92:d3:91:cc:bc:
                    fd:fd:05:fd:03:f5:50:3d:cc:db:32:4b:6f:3c:f8:
                    2c:17:4c:91:00:49:b7:a5:66:ae:ee:5b:e6:3a:fa:
                    d1:64:0d:31:7b:1b:5b:70:9c:b6:ea:e1:ea:22:da:
                    ff:5d:ac:e9:06:61:83:ac:9e:25:ee:a3:7b:a5:7e:
                    67:0c:90:7c:64:d7:45:46:18:01:d2:7e:22:53:d6:
                    dc:89:0c:4f:89:64:c8:70:78:75:3e:2c:0d:87:dc:
                    67:aa:7f:5f:a7:05:6f:e9:f4:eb:2f:c3:51:03:7d:
                    6a:df:5b:fe:a1:14:c6:cf:64:5e:0a:d9:f9:31:6e:
                    61:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B7:30:83:30:44:88:F5:0E:D5:79:F1:83:95:E3:4B:15:9E:D8:9A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u7cwgzBEiPUO1Xnxg5XjSxWe2Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.37.0/24
                  31.57.185.0/24
                  217.60.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a7:c1:2b:f2:75:93:ac:d2:34:36:cf:df:f9:20:b3:33:b8:
         ba:a1:19:dc:55:3d:8a:12:34:a6:62:66:41:ed:89:3f:53:e9:
         c6:15:99:f9:cd:fe:7e:b0:bd:ca:18:85:ad:3f:1a:0c:55:04:
         8c:e0:89:9f:0e:c6:bc:f4:87:a0:c3:18:c8:5d:09:e6:ba:f9:
         d1:b6:38:57:ba:47:81:0f:e2:be:53:39:a4:89:e0:1c:a3:34:
         0d:7a:f7:28:ae:a7:25:de:99:8e:5e:ff:36:9b:a1:59:75:f3:
         7e:85:5d:c0:e0:3b:2f:1c:ba:ea:74:1e:8a:50:62:f6:a0:17:
         59:eb:d0:f8:36:93:8e:27:a9:71:fa:43:e9:a5:73:35:cc:ed:
         f7:30:e5:a8:20:d5:24:0a:03:56:e3:90:5b:f9:22:53:21:5f:
         03:12:64:b1:40:14:ec:97:95:fe:ec:66:e2:67:f8:0f:5b:fb:
         e0:92:3d:26:0a:12:a9:a9:fa:4c:2b:fd:af:af:74:f6:f3:0f:
         3a:88:39:c2:12:c6:de:14:5b:bb:86:cc:d9:4b:37:64:01:22:
         83:6e:ec:5a:7d:51:93:6f:ba:59:fc:ec:a2:42:6c:40:5d:57:
         9a:32:d4:8e:56:b0:86:57:52:cf:1c:7e:7c:c2:97:8c:83:d1:
         62:2a:f0:3c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzej4FnXBKjXWsTnteGVveVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzExMjAyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI3MzA4MzMwNDQ4OGY1MGVkNTc5ZjE4Mzk1ZTM0YjE1OWVkODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYuz8btlvW1uLafsgeEYcmJf9CcH
ffo+UuiOOzjOh+ucTgOaYBdixgtOsh9GZ61UZ3kPgWRnxsEohxH2DnisMDzfyeRX
VdexGf/hghKhTsFpHCoXge0RTm57C4vpPzq4Vk0KIu6ugyHHpfPwCZBMoJs372Qb
zgaLURU2TlfUaqHxktORzLz9/QX9A/VQPczbMktvPPgsF0yRAEm3pWau7lvmOvrR
ZA0xextbcJy26uHqItr/XazpBmGDrJ4l7qN7pX5nDJB8ZNdFRhgB0n4iU9bciQxP
iWTIcHh1PiwNh9xnqn9fpwVv6fTrL8NRA31q31v+oRTGz2ReCtn5MW5h9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLu3MIMwRIj1DtV58YOV40sVntiaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdTdjd2d6QkVpUFVPMVhueGc1WGpTeFdlMkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzklAwQA
Hzm5AwQA2Tz6MA0GCSqGSIb3DQEBCwUAA4IBAQBop8Er8nWTrNI0Ns/f+SCzM7i6
oRncVT2KEjSmYmZB7Yk/U+nGFZn5zf5+sL3KGIWtPxoMVQSM4ImfDsa89IegwxjI
XQnmuvnRtjhXukeBD+K+UzmkieAcozQNevcorqcl3pmOXv82m6FZdfN+hV3A4Dsv
HLrqdB6KUGL2oBdZ69D4NpOOJ6lx+kPppXM1zO33MOWoINUkCgNW45Bb+SJTIV8D
EmSxQBTsl5X+7GbiZ/gPW/vgkj0mChKpqfpMK/2vr3T28w86iDnCEsbeFFu7hszZ
SzdkASKDbuxafVGTb7pZ/OyiQmxAXVeaMtSOVrCGV1LPHH58wpeMg9FiKvA8
-----END CERTIFICATE-----